light_mode “Be holy, for I am holy.” — 1 Peter 1:16

Christ-centered DNS filtering

DNS filtering that helps households and churches pursue holiness—free to use, sustained by generosity.

GraceDNS blocks domains that oppose historic Christian ethics. It is not a savior; Jesus is. But it is a practical guardrail for individuals, families, and churches who want screens that align with the gospel.

Explore the tiers Why we serve

Requests travel over encrypted DNS. Short-lived, anonymized logs exist only for troubleshooting; we do not sell or profile your data.

family_restroom

Families

Point your router so every phone, tablet, and TV shares the same Christ-centered boundaries.

person

Individuals

Missionaries, students, and travelers can steady one device with a quick DNS change.

church

Churches

Volunteers guard sanctuaries, classrooms, and livestream rooms without needing an IT staff.

groups

Ministries

Outreach and media teams keep shared ministry machines on the same Scripture-shaped filter.

school

Schools

Classrooms, labs, and co-op carts use the right tier with honor-system support and best-effort help.

apartment

Businesses

Small businesses run distraction-aware networks with the same Christ-centered guardrails.

Our calling

A tool to help hearts stay fixed on Christ

GraceDNS is a DNS filter, not a pathway to holiness. Only Jesus saves and sanctifies. We simply block domains that lead toward sin or distraction so individuals, families, and churches can keep their online lives set on things above.

family_restroom

Families

One tier on the router keeps every device in the house under shared, Christ-centered guardrails.

person

Individuals

Believers at school, work, or on the road can add a single DNS entry to steady one device.

church

Churches

Volunteers secure sanctuaries, offices, and livestream rooms without needing a staff engineer.

volunteer_activism

Ministries

Outreach and media teams keep shared ministry gear on the same Scripture-shaped filter.

school

Schools

Classrooms, labs, and co-op carts get protection with an honor-system expectation to contribute.

apartment

Businesses

Small business networks stay focused with the same DNS backbone we use—contact us if you need a quote.

Paths for every household

Three tiers to match your setting

GraceDNS is DNS filtering only. Choose a tier, copy the DNS-over-HTTPS (DoH) address or DNS-over-TLS (DoT) hostname, and every lookup flows through our anycast network. We scale infrastructure up and down so gifts stretch further while uptime stays strong.

Each tier trims harmful categories with as little breakage as possible. Eden, Sinai, and Zion share the same backbone; they simply increase how firmly they block trackers, ads, spam TLDs, and telemetry.

Sinai fits most families and churches: SafeSearch everywhere, explicit and gambling blocked, and a balanced cut of ads and telemetry.

Choose your tier

Pick the option that matches your family, individual device, or organization. We’ll show the right setup links.

spa

Eden

Gentle filter for homes and personal devices: malware, phishing, fraud, trackers, explicit content, gambling, piracy, and SafeSearch enforcement without heavy breakage.

  • Blocks malware, phishing, scams, explicit content, gambling
  • Enforces SafeSearch and trims common trackers
  • Designed for everyday browsing with minimal breakage

Blocks domains

Blocks TLDs

Covers categories

Allowlist exceptions:

lock

Most private option—enter this whenever a device supports DNS-over-HTTPS.

dns

Private fallback for gear that asks for a TLS hostname or Android Private DNS entry.

language

Primary IPv4

language

Secondary IPv4

Not encrypted—use only if DoH and DoT are unavailable on that device.

ios_share Install Apple profile

Works for iPhone, iPad, and Mac (including iMac and MacBook).

Malware & phishing
Explicit & gambling
SafeSearch enforcement
Piracy / illegal downloads
Proxy / VPN / DNS bypass
Ads & trackers (light)
Spam / risky TLDs removed
Telemetry & referrals
landscape

Sinai

Balanced filter that builds on Eden with heavier ad and telemetry reduction, spam TLD ejection, and SafeSearch for multiuser spaces like churches and families.

  • Inherits Eden plus stronger ad and telemetry filtering
  • Stops most proxy, VPN, and illicit download sites
  • lock Forces SafeSearch on every major engine
  • Balanced lockdown tuned to stay usable in shared spaces

Blocks domains

Blocks TLDs

Covers categories

Allowlist exceptions:

lock

Preferred Sinai endpoint; use it whenever a platform lets you paste a DoH URL.

dns

Second choice—encrypted via TLS for clients that only accept hostnames.

language

Primary IPv4

language

Secondary IPv4

Unencrypted legacy service; rely on it only when secure DNS cannot be configured.

ios_share Install Apple profile

Works for iPhone, iPad, and Mac (including iMac and MacBook).

Malware & phishing
Explicit & gambling
SafeSearch enforcement
Piracy / illegal downloads
Proxy / VPN / DNS bypass
Ads & trackers (stronger)
Spam / risky TLDs removed
Telemetry & referrals (balanced)
castle

Zion

Hard lockdown for kiosks, dedicated appliances, and younger browsers. Zion strips ads, trackers, spam TLDs, and deep telemetry/referral lists; plan to allowlist the occasional app store or streaming service.

  • Removes aggressive ad, tracking, and spam TLD networks
  • Clamps down on telemetry and referral analytics
  • Built for kiosks/appliances where uptime matters more than convenience; expect to fine-tune allowlists

Blocks domains

Blocks TLDs

Covers categories

Allowlist exceptions:

lock

Best privacy for Zion—browsers and apps should use this DoH URL whenever possible.

dns

Use this TLS hostname when devices rely on Apple profiles or Android Private DNS instead of raw URLs.

language

Primary IPv4

language

Secondary IPv4

Legacy IPv4 stays unencrypted; reach for it only if secure DNS settings are missing.

ios_share Install Apple profile

Works for iPhone, iPad, and Mac (including iMac and MacBook).

Malware & phishing
Explicit & gambling
SafeSearch enforcement
Piracy / illegal downloads
Proxy / VPN / DNS bypass
Ads & trackers (aggressive)
Spam / risky TLDs removed
Telemetry & referrals (deepest)

Tier insights

Fresh block stats for every tier

We publish current block counts whenever a build ships so you can see, at a glance, how much each tier is covering without guessing or taking our word for it.

Eden

domains blocked

categories tracked

TLDs blocked

Allowlist exceptions:

Sinai (recommended)

domains blocked

categories tracked

TLDs blocked

Allowlist exceptions:

Zion

domains blocked

categories tracked

TLDs blocked

Allowlist exceptions:

Updated · Git

Guides for every device

Set up GraceDNS in minutes

GraceDNS is DNS filtering only. Copy the DoH URL or DoT hostname for your tier, follow these short steps, and your devices inherit the same Christ-centered blocking without changing how you browse.

phone_android

Android (Private DNS / DoT)

  1. Open Settings → Network & internet (or Connections).
  2. Choose Private DNS.
  3. Select “Private DNS provider hostname”.
  4. Enter your tier’s DNS-over-TLS name (example: sinai.gracedns.org) and tap Save.

Older phones may need a trusted DNS app from the Play Store. Choose one that lets you paste the DNS-over-HTTPS URL.

phone_iphone

iPhone & iPad

  1. Tap the Install Apple profile button for your tier.
  2. Choose Allow when Safari asks to download the profile.
  3. Open Settings → Profile Downloaded.
  4. Install the profile and enter your passcode if prompted.
  5. GraceDNS activates instantly; install another profile to switch tiers.

iPhone and iPad trust these profiles system-wide, so every app follows the tier you select automatically.

laptop_mac

Mac (MacBook / iMac)

  1. Open System Settings → Network, choose your active interface, and click Details (or Advanced).
  2. Switch to the DNS tab and add the two GraceDNS IPv4 addresses for your tier.
  3. Ensure those addresses sit at the top of the list so macOS prefers them.
  4. To move to another tier, swap the IPv4 entries for the new tier’s numbers.

This keeps every Mac device routing DNS through GraceDNS without requiring profiles.

laptop_windows

Windows 10/11

  1. Open Settings → Network & internet and pick your active connection.
  2. Click Edit under DNS server assignment, choose Manual, and enable IPv4.
  3. Enter the GraceDNS IPv4 addresses for your tier.
  4. If Windows offers DNS encryption, set “Preferred DNS encryption” to Encrypted only (DNS over HTTPS) so the same addresses use DoH.

Older builds without DoH support will still honor those IPv4 entries without encryption.

router

Home routers

  1. Open your router dashboard (address is usually printed underneath).
  2. Locate the DNS or Internet settings area.
  3. Paste the GraceDNS IPv4 addresses or DoH/DoT hostname.
  4. Save. Every device on that network now follows your tier.

Keep another tier handy in case certain smart devices need less aggressive filtering.

school

Chromebooks & shared devices

  1. In the Google Admin console, go to Devices → Chrome → Settings for Devices.
  2. Find the Secure DNS section, choose a custom DoH template, and paste your tier’s DoH URL.
  3. Apply that policy to the organizational units that need protection.
  4. Sync devices so the template pushes down; personal Chromebooks can still set DNS manually if necessary.

Perfect for schools, co-ops, libraries, and multiuser carts.

Zion is the strictest tier—keep Sinai or Eden nearby for devices that must stay flexible.

Anchored in Scripture

“Guard your heart with all vigilance.”

“Guard your heart with all vigilance, for from it are the sources of life.”

Proverbs 4:23 fits this work: keep the wellspring clean so everything downstream stays pure. GraceDNS cannot make anyone holy, but it can remove snares that pull hearts away from Jesus.

Proverbs 4:23 (NET)

Shared stewardship

Pricing on the honor system

Pricing exists to cover servers, bandwidth, and upkeep—not to sell holiness. All support is best-effort, not an SLA or custom filter build. If you can support the work, please do; if you cannot, you are still welcome.

Individuals, Families, Churches

Free*

Use GraceDNS freely and give if you are able. Gifts help keep the service running for everyone else.

Gifts are not tax-deductible and cannot be refunded; we will correct billing mistakes promptly.

Schools

$1.50 per student / year

Staff are always free. Honor-system pricing with best-effort support (no enterprise SLA). If your school sincerely cannot reach this rate, contact us to discuss a reduced amount.

Need an invoice, quote, or W-9? Email us with student count and intended tier. If you are tax-exempt in Mississippi, include your exemption letter. All billing paperwork is handled through Ole Brook Web Services, LLC in Mississippi.

Contact for school quote

Businesses

$2.00 per staff / year

Honor-system pricing with best-effort support. No guaranteed customization or SLA—just practical help where we can.

We can provide quotes, invoices, and a W-9 on request through Ole Brook Web Services, LLC. Mention staff count and intended tier so we can prepare the paperwork quickly.

Contact for business quote

Enterprise / Large orgs

Contact us

For larger deployments, compliance needs, or potential SLAs and custom filtering discussions, reach out. Pricing remains honor-system; we will be candid about what we can and cannot offer.

We can share quotes, invoices, W-9, and vendor forms through Ole Brook Web Services, LLC. Include headcount, intended tier, and any procurement requirements.

Contact enterprise

*Free for individuals, families, and churches—gifts encouraged if you are able.

Need guidance?

Questions we hear most

How do the tiers differ?

Eden is the gentlest option for daily family use. Sinai is the balanced default for most households and churches with stronger ad/telemetry cuts. Zion is the strictest option for kiosks, young users, and distraction-free appliances.

Will the stronger tiers break sites?

We tune lists to avoid needless breakage, but the stricter the tier, the higher the chance something relies on what we block. Zion may pause certain notification-heavy apps; keep Sinai or Eden handy and request an allowlist if a site is miscategorized.

Where should families begin?

Most households start with Sinai for firm protection and minimal breakage. Use Eden for work devices that must stay flexible. Reserve Zion for supervised stations, younger users, or locked-down appliances.

Do you log what I browse?

We only see what is required to answer DNS requests. Troubleshooting logs are short-lived and anonymized (for example, IPv4 addresses masked to 123.123.123.xxx) and are deleted after the issue is fixed. We do not sell data, build marketing profiles, or use behavioral advertising.

How do I switch tiers later?

Replace the DoH/DoT endpoint in your settings or install the profile for a new tier. Most devices adopt the change within seconds.

How does pricing work?

Individuals, families, and churches use GraceDNS freely and may give if able. Schools are asked for $1.50 per student per year (staff are free). Businesses are asked for $2.00 per staff member per year. All pricing is on the honor system and support is best-effort, not an SLA. If a school sincerely cannot reach the listed rate, contact us to discuss.

Is GraceDNS only for churches?

No. Individuals and families are first, and we gladly serve churches, ministries, schools, and businesses. Schools and businesses are simply asked to help cover costs so GraceDNS can stay free for households and churches.

Do you guarantee uptime?

We work hard to keep GraceDNS reliable, but outages can happen from upstream providers, networks, routing, DDoS, or maintenance. Service is as-is and as-available with no uptime guarantees. Please keep backup DNS resolvers if you need them.

Troubleshooting

Check what each tier returns

Enter a domain and we’ll send DoH queries to Eden, Sinai, and Zion so you can see which tier blocks it, whether SafeSearch redirects fire, and whether you need to request an allowlist.

Eden

Waiting

Enter a domain to start.

Sinai

Waiting

Enter a domain to start.

Zion

Waiting

Enter a domain to start.

Covering details

GraceDNS is shepherded by Ole Brook Web Services

Ole Brook Web Services in Mississippi builds practical network tools for families, churches, ministries, schools, and small businesses. GraceDNS is part of that work: the same DNS filtering we deploy for our own clients, offered freely to the wider Body. Using GraceDNS indirectly supports the broader hosting and network services we provide.

Visit olebrookwebservices.com
Copied to clipboard.